Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

111

112

113

114

115

116

117

118

119

120

Chain CIP_INPUT (1 references)

pkts bytes target prot opt in out source destination

18 972 ftp tcp -- any any anywhere anywhere

tcp dpts:ftp-data:ftp

4 224 telnet tcp -- any any anywhere anywhere

tcp dpt:telnet

Chain CIP_INPUT_p (1 references)

pkts bytes target prot opt in out source destination

Chain ftp (1 references)

pkts bytes target prot opt in out source destination

2 120 REJECT all -- eth2 any anywhere anywhere

reject-with icmp-port-unreachable

Chain telnet (1 references)

pkts bytes target prot opt in out source destination

1 60 REJECT all -- !eth2 any anywhere anywhere

reject-with icmp-port-unreachable

IP6TABLES Configuration:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

21175 2062K ACCEPT all eth0 any anywhere anywhere

0 0 CIP_INPUT all any any anywhere anywhere

0 0 CIP_INPUT_p all any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 169 packets, 12844 bytes)

pkts bytes target prot opt in out source destination

Chain CIP_INPUT (1 references)

pkts bytes target prot opt in out source destination

Chain CIP_INPUT_p (1 references)

pkts bytes target prot opt in out source destination

----------------------------------------------------------------------

Termination Info: 0

To allow inbound SNMP TRAPS (port 162) from IP address 100.100.100.56 only:

climcmd g6clim1 climconfig iptables -N snmptrap

climcmd g6clim1 climconfig iptables -A snmptrap ! -s 100.100.100.56 -j REJECT

climcmd g6clim1 climconfig iptables -A CIP_INPUT -p tcp --dport 162 -j snmptrap

climcmd g6clim1 climconfig iptables -A CIP_INPUT -p udp --dport 162 -j snmptrap

Following is the output for these commands:

\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD g6clim1 climstatus -o t

climiptables Enabled: Yes

----------------------------------------------------------------------

IPTABLES Configuration:

Chain INPUT (policy ACCEPT 1 packets, 64 bytes)

pkts bytes target prot opt in out source destination

5652 1325K ACCEPT all -- any any G6CLIM1 anywhere

586K 228M ACCEPT all -- eth0 any anywhere anywhere

14 725 CIP_INPUT all -- any any anywhere anywhere

3 144 CIP_INPUT_p all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 821 packets, 165K bytes)

pkts bytes target prot opt in out source destination

Chain CIP_INPUT (1 references)

pkts bytes target prot opt in out source destination

Configuring CIP iptables/ip6tables (IP CIP) 111